H4xOrin' T3h WOrLd

Sunny Kumar is a computer geek and technology blogger. He is a founder and editor of the H4xOrin’ T3h WOrLd website. He is always passionate about ethical hacking, penetration testing of web applications, security, gadgets and everything to go with it. His goal in life is to raise awareness of information security, which nowadays is the key to a successful business.

One teensy-weensy, but ever so crucial little tiny detail is that the backdoor only listens on the LAN, thus it is not exploitable from the WAN. However, it is exploitable over the wireless network, which has WPS enabled by default with no brute force rate limiting. My shiny new ReaverPro box made relatively short work of cracking WPS, providing access to the WLAN and a subsequent root shell on the router (they also ship with a default WPA key, which you might want to try first):

ReaverPro cracking the WPS pin

Starting telnetd and getting a root shell

As the magic string suggests, this backdoor was likely first implemented in Tenda’s W302R router, although it also exists in the Tenda W330R, as well as re-branded models, such as the Medialink MWN-WAPR150N. They all use the same “w302r_mfg” magic packet string.
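
Because every affected model shares that string, it works as a detection signature. The following is an added example, not code from the original post: it scans a classic pcap capture taken on the LAN for IPv4 frames whose payload contains `w302r_mfg` and reports who sent them. The function names, the sample capture, its addresses and its transport protocol are constructed for illustration.

```python
import socket
import struct

MAGIC = b"w302r_mfg"  # magic packet string quoted in the post

def find_magic_frames(pcap: bytes, needle: bytes = MAGIC):
    """Return (frame_no, src_ip, dst_ip, ip_proto) for IPv4 frames carrying needle."""
    if pcap[:4] not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file")
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"  # byte order of the capture
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    hits, off, n = [], 24, 0
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        n += 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[0] >> 4 != 4 or ihl < 20:
            continue  # malformed IPv4 header
        if needle in ip[ihl:]:
            hits.append((n, socket.inet_ntoa(ip[12:16]),
                         socket.inet_ntoa(ip[16:20]), ip[9]))
    return hits

def make_frame(src, dst, proto, payload):
    """Constructed Ethernet/IPv4 frame (checksums left zero; sample data only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def sample_pcap():
    """Constructed two-frame capture: one benign frame, one carrying the magic string."""
    frames = [make_frame("192.168.0.20", "192.168.0.1", 17, b"\x00" * 8 + b"hello"),
              make_frame("192.168.0.50", "192.168.0.1", 17, b"\x00" * 8 + MAGIC + b"\x00")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(find_magic_frames(sample_pcap()))
```

A hit identifies the LAN or WLAN host that sent the magic string, which is the machine to investigate first.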